<!DOCTYPE html><html lang="zh-CN" data-theme="light"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><title>Node.js学习(十九.封装操作数据库和CSRF) | 小何blog (记录美好)</title><meta name="keywords" content="系列🏬,Node.js,数据库"><meta name="author" content="六根清静">
<meta property="article:published_time" content="2021-02-27T13:20:18.000Z">
<meta property="article:modified_time" content="2021-03-01T14:42:50.399Z">
<link rel="canonical" href="https://liugenqingjing2.coding.me/2021/02/27/Node-js%E5%AD%A6%E4%B9%A0-%E5%8D%81%E4%B9%9D-%E5%B0%81%E8%A3%85%E6%93%8D%E4%BD%9C%E6%95%B0%E6%8D%AE%E5%BA%93%E5%92%8CCSRF/"></head><body><div id="body-wrap"><header class="post-bg" id="page-header"><div id="post-info"><h1 class="post-title">Node.js学习(十九.封装操作数据库和CSRF)</h1><div id="post-meta"><div class="meta-firstline"><span class="post-meta-date"><span class="post-meta-label">发表于</span><time class="post-meta-date-created" datetime="2021-02-27T13:20:18.000Z" title="发表于 2021-02-27 21:20:18">2021-02-27</time><span class="post-meta-separator">|</span><span class="post-meta-label">更新于</span><time class="post-meta-date-updated" datetime="2021-03-01T14:42:50.399Z" title="更新于 2021-03-01 22:42:50">2021-03-01</time></span><span class="post-meta-categories"><span class="post-meta-separator">|</span><a class="post-meta-categories" href="/categories/%E5%89%8D%E7%AB%AF%E5%AD%A6%E4%B9%A0/">前端学习</a></span></div></div></div></header><main class="layout" id="content-inner"><div id="post"><article class="post-content" id="article-container"><h1 id="Node-js学习-十九-封装操作数据库和CSRF-："><a href="#Node-js学习-十九-封装操作数据库和CSRF-：" class="headerlink" title="Node.js学习(十九.封装操作数据库和CSRF)："></a>Node.js学习(十九.封装操作数据库和CSRF)：</h1><ul>
<li><h2 id="完善获取数据库数据的写法："><a href="#完善获取数据库数据的写法：" class="headerlink" title="完善获取数据库数据的写法："></a>完善获取数据库数据的写法：</h2><ul>
<li><p><strong>async+await版本：</strong></p>
<figure class="highlight javascript"><table><tr><td class="code"><pre>// Route handler for "/": query the students table and send the rows to the client.
app.get("/", (req, res) =&gt; {
    // Wrap the callback-style find() in a Promise so that it can be awaited.
    const queryStudents = () =&gt; {
        const Student = db.model("students");  // model mapped to the students table
        return new Promise((resolve, reject) =&gt; {
            Student.find('id&gt;3', (err, data) =&gt; {
                if (err) reject(err);
                resolve(data);
            });
        });
    };

    // No try/catch in this version: when find() reports an error the rejection
    // is not handled and res.send() is never reached.
    (async () =&gt; {
        const results = await queryStudents();
        res.send(results);
    })();
})
</pre></td></tr></table></figure>

<hr>
</li>
<li><p><strong>带捕获异常的版本:</strong></p>
<figure class="highlight javascript"><table><tr><td class="code"><pre>// Same query, with the rejection caught so that the client always gets an answer.
(async () =&gt; {
    const Student = db.model("students");  // model mapped to the students table
    let rows;
    try {
        rows = await new Promise((resolve, reject) =&gt; {
            Student.find('id&gt;3', (queryError, data) =&gt; {
                if (queryError) reject(queryError);
                resolve(data);
            });
        });
    } catch (queryError) {
        // The full error stays in the server log; the client only sees a generic message.
        console.log(queryError);
        res.send({errmsg: "数据库查询出错"});
        return;
    }
    res.send(rows);
})();
</pre></td></tr></table></figure>

</li>
</ul>
<hr>
</li>
<li><h2 id="封装handleDB"><a href="#封装handleDB" class="headerlink" title="封装handleDB:"></a>封装handleDB:</h2><ul>
<li><p><strong>在db文件夹中新建handleDB.js文件：</strong></p>
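<figure class="highlight javascript"><table><tr><td class="code"><pre>const db = require("./nodejs-orm")

/**
 * Call one ORM method on a table and return the data it produces.
 *
 * @param {object} res         Express response, used only to send errorMsg when the call fails
 * @param {string} tableName   name of the table to map to a model
 * @param {string} methodName  name of the model method to call, e.g. "find"
 * @param {string} errorMsg    message sent to the client when the call fails
 * @param {*} [n1]             optional first argument for the model method
 * @param {*} [n2]             optional second argument (only used when n1 is given)
 * @returns {Promise&lt;*&gt;} the data handed to the ORM callback; undefined once the
 *                       error response has been sent
 *
 * NOTE(review): methodName selects a property of the model and n1 is handed to the
 * ORM unchanged (the examples pass condition strings such as 'id&gt;3'). Keep both
 * fixed in server code; if a condition must contain request data, validate it first.
 * Presumably the ORM puts the condition into SQL as-is; confirm against nodejs-orm.
 */
async function handleDB(res, tableName, methodName, errorMsg, n1, n2) {
    const Model = db.model(tableName);  // map the table to a model

    // Pass n1 / n2 only when they were supplied (same falsy test as the three
    // separate branches this replaces).
    const args = [];
    if (n1) {
        args.push(n1);
        if (n2) args.push(n2);
    }

    try {
        // The promise has to be awaited inside the try block: a try/catch around
        // an un-awaited promise never sees its rejection, so errorMsg was never sent.
        return await new Promise((resolve, reject) =&gt; {
            Model[methodName](...args, (err, data) =&gt; {
                if (err) return reject(err);  // failure
                resolve(data);                // success
            });
        });
    } catch (err) {
        console.log(err);                // full error, for the server log
        res.send({errMsg: errorMsg});    // generic message, for the client
        return undefined;                // the caller must not send a second response
    }
}

module.exports = handleDB
</pre></td></tr></table></figure>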
</li>
<li><p><strong>在项目中：</strong></p>
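<figure class="highlight javascript"><table><tr><td class="code"><pre>// The module exports the handleDB function, so import it under the name that is called below.
const handleDB = require("./db/handleDB");

app.get("/", (req, res) =&gt; {
    (async function () {
        // Read the request parameters and reject empty values here.

        // Database access: handleDB returns a Promise, so it can be awaited.
        // The message describes the operation actually performed (a query).
        const results = await handleDB(res, "students", "find", "students数据库查询数据出错！");
        // The same pattern can be used for every database call in the project.

        // On failure handleDB answers the request itself; do not send a second response.
        if (res.headersSent) return;

        // Return the query result to the page.
        res.send(results);
    })();
})
</pre></td></tr></table></figure>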

</li>
</ul>
<hr>
</li>
<li><h2 id="CSRF跨站请求伪造"><a href="#CSRF跨站请求伪造" class="headerlink" title="CSRF跨站请求伪造 :"></a>CSRF跨站请求伪造 :</h2><ul>
<li><p>CSRF全拼为<code>Cross Site Request Forgery</code>，译为<strong>跨站请求伪造</strong>。</p>
</li>
<li><p>CSRF指攻击者盗用了你的身份，以你的名义发送恶意请求。</p>
</li>
<li><p>包括：以你名义发送邮件，发消息，盗取你的账号，甚至于购买商品，虚拟货币转账……</p>
</li>
<li><p>造成的问题：个人隐私泄露以及财产安全。</p>
</li>
<li><p>CSRF请求伪造的示意图：</p>
<p><img src= "/img/loading.gif" data-lazy-src="https://gitee.com/he_chaoming/blog_tuchuang/raw/master/20210301/eR8xElN8ebkt.png" alt="CSRF请求伪造的示意图"></p>
</li>
</ul>
<hr>
</li>
<li><h2 id="CSRF防护"><a href="#CSRF防护" class="headerlink" title="CSRF防护:"></a>CSRF防护:</h2><ul>
<li><h4 id="防护思路："><a href="#防护思路：" class="headerlink" title="防护思路："></a>防护思路：</h4><p><strong>1、请求转账页面的时候，服务器响应转账页面，在cookie中设置一个csrf_token值(随机48位字符串)。</strong></p>
<p><strong>2、客户端在进行post请求的时候，在请求头中带上自定义的属性’X-CSRFToken’ ，值为cookie中的csrf_token值。(要注意的是，此时的post请求，浏览器还会自发带着cookie中csrf_token到服务器。)</strong></p>
<p><strong>3、服务器在接收到post请求的时候，首先验证请求头中的x-csrftoken值，和cookies中的csrf_token是不是一致，如果不一致，需要return，直接结束处理，不进行后续工作。</strong></p>
</li>
<li><h4 id="完整步骤："><a href="#完整步骤：" class="headerlink" title="完整步骤："></a>完整步骤：</h4><ul>
<li><p>先安装<code>cookie-parser </code></p>
</li>
<li><p>生成n位随机字符串（csrf_token必须不可预测，应使用密码学安全的随机源生成）：</p>
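<figure class="highlight javascript"><table><tr><td class="code"><pre>const crypto = require("crypto");

/**
 * Return a random string of n characters taken from [0-9a-f].
 *
 * The result is used as the CSRF token, so it must be unpredictable.
 * Math.random() is not a cryptographically secure generator; crypto.randomBytes() is.
 *
 * @param {number} n  number of characters wanted
 * @returns {string}  n random hex characters, or "" when n is not a positive number
 */
function getRandomString(n) {
    if (!(n &gt; 0)) {
        return "";
    }
    // One byte gives two hex characters; round up, then cut to the requested length.
    return crypto.randomBytes(Math.ceil(n / 2)).toString("hex").slice(0, n);
}
getRandomString(48);  // generate a csrf_token
</pre></td></tr></table></figure>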
</li>
<li><p>get请求转账页面的时候，在cookie中设置一个csrf_token值(随机48位字符串)：</p>
<figure class="highlight javascript"><table><tr><td class="code"><pre>if (req.method == "GET") {
    // Issue a fresh 48-character CSRF token together with the transfer page.
    // The cookie is set without httpOnly because the page script has to read it
    // through document.cookie and copy it into the X-CSRFToken request header.
    // NOTE(review): consider the `secure` and `sameSite` cookie options once the
    // site is served over HTTPS.
    res.cookie('csrf_token', getRandomString(48));

    res.render('temp_transfer');
}
</pre></td></tr></table></figure>
</li>
<li><p>接下来，在前端页面中，post请求时候带上自定义的属性<code>&#39;X-CSRFToken&#39; </code>，值为cookie中的csrf_token值：</p>
<figure class="highlight javascript"><table><tr><td class="code"><pre>// Send the transfer request. The CSRF token is copied from the cookie into a
// custom request header; a page on another origin cannot read this cookie.
$.ajax({
    url:'/transfer',
    type:'post',
    data:JSON.stringify(params),
    contentType:'application/json',
    headers:{'X-CSRFToken':getCookie('csrf_token')},
    success: function (resp) {
         ....
    }
})
....
// Return the value of the cookie called `name`, or undefined when nothing matches.
// `name` is concatenated into the pattern unescaped, so pass fixed cookie names only.
function getCookie(name) {
    var pattern = "\\b" + name + "=([^;]*)\\b";
    var found = document.cookie.match(pattern);
    if (!found) {
        return undefined;
    }
    return found[1];
}
</pre></td></tr></table></figure>
</li>
<li><p>最后回到服务器端，处理post请求的时候，判断请求头中的<code>x-csrftoken</code>值，和cookies中的<code>csrf_token</code>是不是一致，不一致就是CSRF验证不通过，直接return：</p>
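<figure class="highlight javascript"><table><tr><td class="code"><pre>...
else if (req.method == "POST") {
    // Double-submit check: the X-CSRFToken request header must carry the same
    // value as the csrf_token cookie. The token values are not written to the log.
    const headerToken = req.headers["x-csrftoken"];
    const cookieToken = req.cookies["csrf_token"];

    // Both values must be present. Comparing them directly lets a request that
    // carries neither the header nor the cookie pass, because
    // undefined === undefined is true.
    const tokensMatch = typeof headerToken === "string"
        &amp;&amp; headerToken.length &gt; 0
        &amp;&amp; headerToken === cookieToken;

    if (!tokensMatch) {
        // Reject with 403 so that the failure is not reported as a success (200).
        res.status(403).send("csrf验证不通过！");
        return
    }
    console.log("csrf验证通过！");
    // Normal handling of the POST request starts here.
    ...
}
</pre></td></tr></table></figure>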

</li>
</ul>
</li>
</ul>
<hr>
</li>
<li><h2 id="对每一个POST请求都设置CSRF防护"><a href="#对每一个POST请求都设置CSRF防护" class="headerlink" title="对每一个POST请求都设置CSRF防护:"></a>对每一个POST请求都设置CSRF防护:</h2><ul>
<li><p>实际上，不仅仅转账需要CSRF防护，每一个post请求都需要做csrf的防护措施。准确地说，所有会修改服务器状态的请求（POST、PUT、PATCH、DELETE等）都需要防护，GET请求则不应该用来修改数据。</p>
</li>
<li><p>写法:</p>
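<figure class="highlight javascript"><table><tr><td class="code"><pre>
const router = express.Router();

router.all('/', (req, res) =&gt; {
    if(req.method=="GET"){
        res.render('temp_login')
    }

    ...
});
router.all('/transfer', (req, res) =&gt; {

   ...

    else if(req.method=="POST"){

        let {to_account, money} = req.body;
        console.log(to_account, money);

        // Perform the transfer: ... omitted here
        console.log("假装执行转账操作，将当前登录用户的钱转账到指定账户");
        console.log(`已经完成转账${money}元到账户${to_account}`);

        res.json({to_account,money});

    }
});

/**
 * CSRF check that runs before every route of `router` (see app.use below).
 *
 * GET: issues a new random token in the csrf_token cookie and continues.
 * HEAD / OPTIONS: continue without a token.
 * Any other method (POST, PUT, PATCH, DELETE, ...): the X-CSRFToken request
 * header must be present, non-empty and equal to the csrf_token cookie;
 * otherwise the request is answered with 403 and never reaches the router.
 */
function csrfProtect(req, res, next){
    const method = req.method;
    if(method=="GET"){
        // NOTE(review): getRandomString is defined earlier in the article; the
        // token should come from a CSPRNG such as crypto.randomBytes - confirm.
        const csrf_token = getRandomString(48);
        // No httpOnly here: the page script has to read this cookie and copy it
        // into the X-CSRFToken header. sameSite keeps the cookie out of
        // cross-site POST requests.
        res.cookie('csrf_token', csrf_token, {sameSite: 'lax'});
        return next(); // hand over to the next handler, i.e. router in app.use(csrfProtect,router)
    }
    if(method=="HEAD" || method=="OPTIONS"){
        // These methods carry no token; without this branch the request would
        // get neither next() nor a response.
        return next();
    }

    // Compare the x-csrftoken request header with the csrf_token cookie.
    // Token values are deliberately not logged.
    const headerToken = req.headers["x-csrftoken"];
    const cookieToken = req.cookies ? req.cookies["csrf_token"] : undefined;

    // When header and cookie are both absent, both values are undefined and
    // undefined === undefined is true, so a missing or empty token is
    // rejected before the comparison.
    if(!headerToken || headerToken !== cookieToken){
        res.status(403).send("csrf验证不通过!！");
        return
    }
    console.log("csrf验证通过！");
    next()
}

app.use(csrfProtect,router)
</pre></td></tr></table></figure>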

</li>
</ul>
</li>
</ul>
<hr>